If specification authors are not interested in putting explicit statement
about which identity is being verified in the signature (which I think
is a mistake and would cause extra lookups), you should still have way
to specify identity in the policy record.
Correct way to do it is instead of having general "o=" signing policy
have that for specific identity type, i.e.
"from=~" - indicates policy in regards to "From:" header field
"sender=-" - indicates policy in regards to "Sender:" header field
(two other identities of interest are host/ehlo and 2821 mailfrom)
If at the origin site they are able to enforce policies that all email
from the listed author (be it specific user or domain) are signed, they
should be free to indicate that.
Accidentally use "policy" data for particular identities should also be
voluntary, i.e. if recipient implementation only wants to lookup policy
records in regards to "sender" identity, but will not care to do it for
"from", that is fine. Its their choice (like its with current spam
filters) what data it finds useful, but if they do look up and use
policy data I think there should be clear rules on how to interpret it
and what to do.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
ietf-dkim mailing list
http://dkim.org